mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-18 08:06:16 +01:00
3422faad7e
This allows the pads to be named nicely instead of having just a random string as URL. For example the draft of the monthly report in july could be located at "https://md.archlinux.org/2023-07_monthly-report" instead of "https://md.archlinux.org/UF9Y235qTRe8XS3qxUVeJA". https://docs.hedgedoc.org/references/url-scheme/#freeurl-mode Signed-off-by: Christian Heusel <christian@heusel.eu>
19 lines
1.0 KiB
Django/Jinja
19 lines
1.0 KiB
Django/Jinja
[Service]
|
|
Environment=CMD_OAUTH2_USER_PROFILE_URL=https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/userinfo
|
|
Environment=CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
|
|
Environment=CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
|
|
Environment=CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
|
|
Environment=CMD_OAUTH2_TOKEN_URL=https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/token
|
|
Environment=CMD_OAUTH2_AUTHORIZATION_URL=https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/auth
|
|
Environment=CMD_OAUTH2_CLIENT_ID=openid_hedgedoc
|
|
Environment=CMD_OAUTH2_CLIENT_SECRET={{ vault_hedgedoc_client_secret }}
|
|
Environment=CMD_OAUTH2_SCOPE="openid email profile roles"
|
|
Environment=CMD_OAUTH2_ROLES_CLAIM=roles
|
|
Environment=CMD_OAUTH2_ACCESS_ROLE=Staff
|
|
Environment=CMD_OAUTH2_PROVIDERNAME=Keycloak
|
|
Environment=CMD_DOMAIN=md.archlinux.org
|
|
Environment=CMD_PROTOCOL_USESSL=true
|
|
Environment=CMD_URL_ADDPORT=false
|
|
Environment=CMD_ALLOW_FREEURL=true
|
|
Environment=CMD_REQUIRE_FREEURL_AUTHENTICATION=true
|